Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

Friday, July 13, 2007

Daily Highlights

VNUNet reports utility companies could be facing a hacking time bomb owing to poor security measures, since as more utilities move control and billing systems online, hackers are increasingly turning their attention to the possibilities of controlling the systems. (See item 3)·Congressional investigators set up a bogus company with only a postal box and within a month obtained a license from the Nuclear Regulatory Commission that allowed them to buy enough radioactive material for a small dirty bomb. (See item 4)·The Associated Press reports two planes came within 100 feet of colliding at Fort Lauderdale−Hollywood International Airport on Wednesday, July 11, after one missed its turn onto a taxiway and entered the runway where the other was about to land. (See item 11)·Information Technology and Telecommunications Sector

32.July 12, U.S. Computer Emergency Readiness Team— US−CERT Technical Cyber Security Alert TA07−193A: Apple releases security updates for QuickTime. Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial−of−service condition. Solution: Upgrade QuickTime Upgrade to QuickTime 7.2. This and other updates for Mac OS X are available via Apple Update. Apple Update: http://docs.info.apple.com/article.html?artnum=106704QuickTime 7.2: http://www.apple.com/quicktime/download/On Microsoft Windows, QuickTime users can install the update by using the built−in auto−update mechanism, Apple Software Update, or by installing the update manually.Apple Software Update: http://docs.info.apple.com/article.html?artnum=304263An attacker may be able to exploit some of these vulnerabilities by persuading a user to access a specially crafted media file with a Web browser. Disabling QuickTime in your Web browser may defend against this attack vector. For more information, refer to the Securing Your Web Browser document. An attacker may be able to exploit some of these vulnerabilities by persuading a user to access a specially crafted Java applet with a Web browser. Disabling Java in your Web browser may defend against this attack vector. Instructions for disabling Java can be found in the Securing Your Web Browser document.Securing Your Web Browser: http://www.us−cert.gov/reading_room/securing_browser/Source: http://www.us−cert.gov/cas/techalerts/TA07−193A.html

33.July 11, eWeek— The 'zero−day' solution. There's still no consensus regarding whether the zero−day vulnerability that security researcher Thor Larholm found is on Internet Explorer or on Firefox. But more to the point, there is a way to block the exploit, which otherwise could lead to remote system hijacking. According to Microsoft Security Program Manager Jesper Johansson, blocking the exploit boils down to deleting Firefox protocol handlers. To do so on a single computer, he said, requires running these commands: reg delete HKCR\FirefoxHTML /f; reg delete HKCR\FirefoxURL /f; and reg delete HKCR\Firefox.URL /f. One way to kill the protocol handlers on multiple machines is to group policy script and SMS packages, he said. Rolling the fix out to thousands of machines can be done by creating a batch file deployed as a startup script. To enable restoration of the protocol handlers, Johansson recommended running this command on any machine with Firefox installed: reg export HKCR\ backup.reg. "That will create a reg script that you can use to re−import the settings once Mozilla produces a patch to fix the problem," he said.Source: http://www.eweek.com/article2/0,1895,2157333,00.asp

34.July 11, U.S. Computer Emergency Readiness Team— US−CERT Technical Cyber Security Alert TA07−192A: Adobe Flash Player updates for multiple vulnerabilities. There are critical vulnerabilities in Adobe Flash player and related software. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial−of−service on a vulnerable system. Systems affected: Microsoft Windows, Apple Mac OS X, Linux, Solaris, or other operating systems with any of the following Adobe products installed: Flash Player 9.0.45.0; Flash Player 9.0.45.0 and earlier network distribution; Flash Basic; Flash CS3 Professional; Flash Professional 8, Flash Basic; Flex 2.0; Flash Player 7.070.0 for Linux or Solaris. Solution: Apply Updates: Check with your vendor for patches or updates. For information about a specific vendor, please see the Systems Affected section in the vulnerability notes or contact your vendor directly. If you get the flash player from Adobe, see the Adobe Get Flash page for information about updates.Vulnerability notes: http://www.kb.cert.org/vuls/id/945060Adobe Get Flash: http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlashDisable Flash: Users who are unable to apply the patch should disable Flash.Adobe Security Bulletin: http://www.adobe.com/support/security/bulletins/apsb07−12.ht mlSource: http://www.uscert.gov/cas/techalerts/TA07−192A.html

35.July 11, ComputerWorld— Israeli security firm reports huge spike in PDF spam. Israeli security firm Commtouch Software Ltd. is warning of a massive surge in PDF spam. According to estimates by the company, about 10 percent to 15 percent of all spam over the past day or so has been in the form of PDF messages. "Given the fact that these messages are nearly four times bigger than standard spam messages, this increases overall global spam traffic by 30 percent to 40 percent," said Rebecca Herson, senior director of marketing at the Israel−based company. So far, the outbreak has involved 14 billion to 21 billion PDF unsolicited messages and shows no signs of slowing, Herson said. An analysis of the outbreak shows it to be a truly global zombie−distributed spam attack, Herson said. About 24 percent of the spam e−mails are from the U.S., 14 percent are from Taiwan, and China and Russia accounted for 10 percent and 4 percent, respectively. In all, PDF spam e−mails are being distributed by computers in 167 countries. According to Herson, the technique of sending messages as PDF attachments is relatively new and was first detected only a few weeks ago. The current outbreak shows that spammers have widely adopted the technique, she said.Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026840&intsrc=hm_list

Links

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"